package com.gitblit.transport.ssh;

import com.gitblit.Constants;
import com.gitblit.IStoredSettings;
import com.gitblit.Keys;
import com.gitblit.ldap.LdapConnection;
import com.gitblit.models.UserModel;
import com.gitblit.utils.StringUtils;
import com.google.common.base.Joiner;
import com.google.inject.Inject;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.util.GenericUtils;

/* loaded from: input_file:com/gitblit/transport/ssh/LdapKeyManager.class */
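/**
 * Public key manager that reads SSH public keys from an attribute of the user's LDAP entry.
 *
 * <p>The manager is read-only: every mutating operation and every {@code supports...} query
 * returns {@code false}. Attribute values are parsed as authorized_keys style lines, and a
 * {@code gbPerm} assignment inside an {@code environment} login option sets the key's permission.
 *
 * <p>All key text handled here comes from the directory, so the parsing code treats it as
 * untrusted: one malformed value must not prevent the user's other keys from loading, and a key
 * whose permission restriction cannot be understood must not be handed out.
 */
public class LdapKeyManager extends IPublicKeyManager {
    /** Optional {@code prefix:} in front of a stored key value. */
    private static final Pattern PREFIX_PATTERN = Pattern.compile("^([^\":]+):");
    /** Extracts the permission text of a {@code gbPerm=...} assignment (letters, '+' and '-'). */
    private static final Pattern GB_PERM_PATTERN = Pattern.compile("(?i:gbPerm)\\s*=\\s*(?:\\\\\"|\")?\\s*([A-Za-z+-]+)");
    private final IStoredSettings settings;

    /**
     * Authorized key entry that keeps every value of a repeated login option instead of a single
     * value per option name.
     */
    public static class GbAuthorizedKeyEntry extends AuthorizedKeyEntry {
        private static final long serialVersionUID = 1;
        // NOTE(review): the first group nests [^\s"]* inside an outer '*'. On a long value without
        // whitespace this looks prone to heavy regex backtracking, and the input is a directory
        // attribute value. Consider capping the line length before matching; confirm with a test.
        private static final Pattern LEADIN_PATTERN = Pattern.compile("^((?:[^\\s\"]*|(?:\"(?:[^\"\\\\]|\\\\\"|\\\\)*\"))*\\s+)(.+)");
        private static final Pattern OPTION_PATTERN = Pattern.compile("([^\",]+|(?:\"(?:[^\"\\\\]|\\\\\"|\\\\)*\"))+");
        /** Option name (case-insensitive once parsed) to all values given for it. */
        private Map<String, List<String>> loginOptionsMulti = Collections.emptyMap();

        private GbAuthorizedKeyEntry() {
        }

        /**
         * Returns all values recorded for a login option.
         *
         * @param str option name
         * @return the values, or {@code null} when the option was not present
         */
        List<String> getLoginOptionValues(String str) {
            return this.loginOptionsMulti.get(str);
        }

        /**
         * Parses one authorized_keys style line.
         *
         * <p>When KeyUtils has no decoder for the first token, that token is taken as the login
         * options and the rest of the line is parsed recursively, one leading token per level.
         * The options of the outermost call are applied last and therefore replace any set by an
         * inner call.
         *
         * @param str the line to parse
         * @return the parsed entry, or {@code null} for a blank line or a line starting with '#'
         * @throws IllegalArgumentException if the line has no key data delimiter or no key data
         *     after the login options
         */
        public static GbAuthorizedKeyEntry parseAuthorizedKeyEntry(String str) throws IllegalArgumentException {
            String line = GenericUtils.trimToEmpty(str);
            if (StringUtils.isEmpty(line) || line.charAt(0) == '#') {
                return null;
            }
            Matcher leadIn = LEADIN_PATTERN.matcher(line);
            if (!leadIn.lookingAt()) {
                throw new IllegalArgumentException("Bad format (no key data delimiter): " + line);
            }
            String firstToken = leadIn.group(1).trim();
            if (KeyUtils.getPublicKeyEntryDecoder(firstToken) == null) {
                // Not a known key type: treat the token as login options in front of the key.
                GbAuthorizedKeyEntry withOptions = parseAuthorizedKeyEntry(leadIn.group(2));
                if (withOptions == null) {
                    throw new IllegalArgumentException("Bad format (no key data after login options): " + line);
                }
                withOptions.parseAndSetLoginOptions(firstToken);
                return withOptions;
            }

            int typeEnd = line.indexOf(' ');
            if (typeEnd <= 0) {
                throw new IllegalArgumentException("Bad format (no key data delimiter): " + line);
            }
            int dataEnd = line.indexOf(' ', typeEnd + 1);
            if (dataEnd <= typeEnd) {
                dataEnd = line.length();
            }
            // Anything after the second space is the comment; without it the whole line is key text.
            boolean hasComment = dataEnd < line.length() - 1;
            String keyText = hasComment ? line.substring(0, dataEnd).trim() : line;
            String comment = hasComment ? line.substring(dataEnd + 1).trim() : null;
            GbAuthorizedKeyEntry entry = parsePublicKeyEntry(new GbAuthorizedKeyEntry(), keyText);
            entry.setComment(comment);
            return entry;
        }

        /**
         * Splits a login options token into name/value pairs and stores them, keeping every value
         * of an option that occurs more than once. An option without '=' gets the value "true".
         *
         * @param str the login options text
         */
        private void parseAndSetLoginOptions(String str) {
            Matcher option = OPTION_PATTERN.matcher(str);
            if (!option.find()) {
                this.loginOptionsMulti = Collections.emptyMap();
                // Without this return the loop below calls group() on a matcher that has no
                // match (for example when the token is a lone ',') and throws
                // IllegalStateException.
                return;
            }
            Map<String, List<String>> parsed = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
            do {
                String token = GenericUtils.trimToEmpty(option.group());
                if (!StringUtils.isEmpty(token)) {
                    int equalsAt = token.indexOf('=');
                    String name = equalsAt < 0 ? token : GenericUtils.trimToEmpty(token.substring(0, equalsAt));
                    CharSequence value = GenericUtils.stripQuotes(equalsAt < 0 ? null : GenericUtils.trimToEmpty(token.substring(equalsAt + 1)));
                    if (value == null) {
                        value = Boolean.TRUE.toString();
                    }
                    List<String> values = parsed.get(name);
                    if (values == null) {
                        values = new ArrayList<>();
                        parsed.put(name, values);
                    }
                    values.add(value.toString());
                }
            } while (option.find());
            this.loginOptionsMulti = parsed;
        }
    }

    /**
     * Creates the manager.
     *
     * @param iStoredSettings settings used for the LDAP connection and the key attribute name
     */
    @Inject
    public LdapKeyManager(IStoredSettings iStoredSettings) {
        this.settings = iStoredSettings;
    }

    /** Returns the simple class name. */
    @Override
    public String toString() {
        return getClass().getSimpleName();
    }

    /** Logs the manager name and returns this instance. */
    @Override
    public LdapKeyManager start() {
        this.log.info(toString());
        return this;
    }

    /** Always ready; no state is prepared at start. */
    @Override
    public boolean isReady() {
        return true;
    }

    /** Nothing to release; returns this instance. */
    @Override
    public LdapKeyManager stop() {
        return this;
    }

    /**
     * Always reports the user's keys as stale.
     * NOTE(review): presumably this makes the base class re-read keys from the directory instead
     * of serving cached ones; confirm in IPublicKeyManager.
     */
    @Override
    protected boolean isStale(String str) {
        return true;
    }

    /**
     * Loads the SSH keys stored for a user in the LDAP directory.
     *
     * <p>The attribute name comes from {@code Keys.realm.ldap.sshPublicKey}. A value of the form
     * {@code attribute:prefix} restricts the result to stored values that start with
     * {@code prefix:}; without a prefix only unprefixed values are used.
     *
     * @param str the user name; anything up to the last backslash is dropped before the search
     * @return the keys that could be parsed and resolved (possibly empty), or {@code null} when
     *     the connection, bind or search fails, the search does not return exactly one entry, or
     *     the entry has no value for the attribute
     */
    @Override
    protected List<SshKey> getKeysImpl(String str) {
        String attribute = this.settings.getString(Keys.realm.ldap.sshPublicKey, "sshPublicKey");
        String keyPrefix = null;
        int colonAt = attribute.indexOf(':');
        if (colonAt > 0) {
            keyPrefix = attribute.substring(colonAt + 1);
            attribute = attribute.substring(0, colonAt);
        }

        SearchResult result;
        // The close()/addSuppressed scaffolding in the decompiled listing is a desugared
        // try-with-resources; it is restored here so every exit path closes the connection once.
        try (LdapConnection connection = new LdapConnection(this.settings)) {
            if (!connection.connect()) {
                return null;
            }
            this.log.info("loading ssh key for {} from LDAP directory", str);
            if (connection.bind() == null) {
                return null;
            }
            // NOTE(review): the user name ends up in an LDAP search; confirm that
            // LdapConnection.searchUser escapes filter metacharacters.
            result = connection.searchUser(getSimpleUsername(str), Arrays.asList(attribute));
        }

        if (result == null || result.getResultCode() != ResultCode.SUCCESS) {
            return null;
        }
        if (result.getEntryCount() > 1) {
            this.log.info("Found more than one entry for user {} in LDAP. Cannot retrieve SSH key.", str);
            return null;
        }
        if (result.getEntryCount() < 1) {
            this.log.info("Found no entry for user {} in LDAP. Cannot retrieve SSH key.", str);
            return null;
        }
        String[] storedValues = ((SearchResultEntry) result.getSearchEntries().get(0)).getAttributeValues(attribute);
        if (storedValues == null || storedValues.length == 0) {
            this.log.info("found no keys for user {} under attribute {} in directory", str, attribute);
            return null;
        }

        List<GbAuthorizedKeyEntry> entries = parseStoredValues(storedValues, keyPrefix);
        List<SshKey> keys = new ArrayList<>(entries.size());
        for (GbAuthorizedKeyEntry entry : entries) {
            try {
                SshKey key = new SshKey(entry.resolvePublicKey(null));
                key.setComment(entry.getComment());
                setKeyPermissions(key, entry);
                keys.add(key);
            } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
                // IllegalArgumentException covers a gbPerm name that is not a known permission:
                // that key is dropped rather than returned without its restriction, and the
                // user's remaining keys still load.
                this.log.warn("Error resolving key entry for user {}. Entry={}", str, entry, e);
            }
        }
        return keys;
    }

    /**
     * Parses the stored attribute values that match the configured prefix rule.
     *
     * @param storedValues raw attribute values from the directory
     * @param keyPrefix required prefix, or {@code null} to accept only unprefixed values
     * @return the entries that parsed; blank, comment and malformed values are skipped
     */
    private List<GbAuthorizedKeyEntry> parseStoredValues(String[] storedValues, String keyPrefix) {
        List<GbAuthorizedKeyEntry> entries = new ArrayList<>(storedValues.length);
        Matcher prefix = PREFIX_PATTERN.matcher("");
        for (String stored : storedValues) {
            // Remove line breaks so a wrapped value is parsed as a single line.
            String line = Joiner.on("").join(stored.replace("\r\n", "\n").split("\n"));
            prefix.reset(line);
            String candidate = null;
            if (prefix.lookingAt()) {
                if (keyPrefix != null && keyPrefix.equalsIgnoreCase(prefix.group(1).trim())) {
                    candidate = line.substring(prefix.end());
                }
            } else if (keyPrefix == null) {
                candidate = line;
            }
            if (candidate == null) {
                continue;
            }
            // The listing's catch sat on an empty try, so a parse failure escaped and aborted the
            // whole lookup; the parse call is what it has to guard.
            try {
                GbAuthorizedKeyEntry entry = GbAuthorizedKeyEntry.parseAuthorizedKeyEntry(candidate);
                // null means a blank or comment line; adding it would fail later when the key
                // is resolved.
                if (entry != null) {
                    entries.add(entry);
                }
            } catch (IllegalArgumentException e) {
                this.log.info("Failed to parse key entry={}: {}", line, e.getMessage());
            }
        }
        return entries;
    }

    /** Unsupported: keys live in the directory. Always returns {@code false}. */
    @Override
    public boolean addKey(String str, SshKey sshKey) {
        return false;
    }

    /** Unsupported: keys live in the directory. Always returns {@code false}. */
    @Override
    public boolean removeKey(String str, SshKey sshKey) {
        return false;
    }

    /** Unsupported: keys live in the directory. Always returns {@code false}. */
    @Override
    public boolean removeAllKeys(String str) {
        return false;
    }

    /** Always {@code false}; this manager never writes keys. */
    @Override
    public boolean supportsWritingKeys(UserModel userModel) {
        return false;
    }

    /** Always {@code false}; comments cannot be changed through this manager. */
    @Override
    public boolean supportsCommentChanges(UserModel userModel) {
        return false;
    }

    /** Always {@code false}; permissions cannot be changed through this manager. */
    @Override
    public boolean supportsPermissionChanges(UserModel userModel) {
        return false;
    }

    /**
     * Applies the permission named by {@code gbPerm} in the entry's {@code environment} login
     * options. Every {@code environment} value is examined in order, so the last usable
     * {@code gbPerm} wins.
     *
     * @param sshKey the key to update
     * @param gbAuthorizedKeyEntry the parsed entry the key was resolved from
     * @throws IllegalArgumentException if the {@code gbPerm} text is neither a permission code
     *     nor a permission name; getKeysImpl catches this and drops the key
     */
    private void setKeyPermissions(SshKey sshKey, GbAuthorizedKeyEntry gbAuthorizedKeyEntry) {
        List<String> environmentValues = gbAuthorizedKeyEntry.getLoginOptionValues("environment");
        if (environmentValues == null || environmentValues.isEmpty()) {
            return;
        }
        for (String environmentValue : environmentValues) {
            Matcher gbPerm = GB_PERM_PATTERN.matcher(environmentValue);
            if (!gbPerm.find()) {
                continue;
            }
            String permissionText = gbPerm.group(1).trim();
            Constants.AccessPermission permission = Constants.AccessPermission.fromCode(permissionText);
            if (permission == Constants.AccessPermission.NONE) {
                // Not a code, so try the constant name. Locale.ROOT keeps the upper-casing
                // independent of the server's default locale.
                permission = Constants.AccessPermission.valueOf(permissionText.toUpperCase(Locale.ROOT));
            }
            if (permission != null && permission != Constants.AccessPermission.NONE) {
                try {
                    sshKey.setPermission(permission);
                } catch (IllegalArgumentException e) {
                    // NOTE(review): after this warning the key is still returned with whatever
                    // permission SshKey starts with. If gbPerm is meant to restrict a key,
                    // confirm that default is not broader than the rejected value.
                    this.log.warn("Incorrect permissions ({}) set for SSH key entry {}.", permission, environmentValue, e);
                }
            }
        }
    }

    /**
     * Returns the part of the user name after the last backslash, or the name unchanged when it
     * contains none.
     */
    private String getSimpleUsername(String str) {
        int lastBackslash = str.lastIndexOf('\\');
        return lastBackslash > -1 ? str.substring(lastBackslash + 1) : str;
    }
}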
